People commonly utilize websites for everyday tasks, such as shopping online, checking bank account balances, and communicating with others by email or message boards. Unfortunately, vulnerabilities may exist in these systems. Unauthorized third parties can exploit these computer security vulnerabilities to gain access to sensitive data, such as credit card information or social security numbers, which can expose consumers to possible fraud or identity theft.
A common type of computer security vulnerability is cross-site request forgery (CSRF), also known as “one-click attack,” “hostile linking,” or “session riding.” CSRF is a class of attack that involves transmitting unauthorized commands through a trusted web session. A user is authenticated by the use of cookies, browser authentication, or client-side certificates for a specific domain. A script residing on a third-party domain may impersonate the authenticated domain and execute malicious requests as if the user had executed the requests, because the browser attaches the user's credentials for the authenticated domain to those requests automatically. Unauthorized third parties may gain access to secure information through these malicious actions.
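The following is an added illustration, not part of the original text, of a server-side defense against the CSRF scenario just described: a state-changing request is honored only if it carries a per-session token that a third-party page cannot read, and only if any Origin header names the trusted site. The site name, header names and sample requests are constructed for the example.

```python
# Added example (not from the original text): a server-side defence against the
# CSRF scenario described above, combining the synchronizer-token pattern with an
# Origin-header check. Site name, header names and sample requests are constructed.
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"   # constructed origin of the trusted site
SESSIONS = {}                          # session-cookie value -> per-session CSRF token

def create_session() -> str:
    """Log a user in: mint a random session id and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def csrf_token_for(sid: str) -> str:
    """Token the legitimate page embeds in its forms; a third-party page cannot read it."""
    return SESSIONS[sid]

def authorize_state_change(cookies: dict, headers: dict, form: dict) -> bool:
    """True only if a state-changing request was issued by the user's own page.

    The browser attaches the session cookie to cross-site requests automatically,
    so the cookie alone proves nothing. Additionally require that any Origin header
    names our own site, and that the form carries the token bound to this session,
    compared in constant time so the check leaks nothing through timing.
    """
    token = SESSIONS.get(cookies.get("sid", ""))
    if token is None:
        return False                                   # no authenticated session
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False                                   # initiated by a third-party page
    return hmac.compare_digest(form.get("csrf_token", ""), token)

def demo() -> dict:
    """Constructed requests: one from the user's own page and two forged ones."""
    sid = create_session()
    cookies = {"sid": sid}                             # sent by the browser in all three cases
    own_page = {"Origin": SITE_ORIGIN}
    third_party = {"Origin": "https://attacker.example"}
    return {
        "legitimate": authorize_state_change(
            cookies, own_page, {"csrf_token": csrf_token_for(sid), "amount": "100"}),
        "forged_without_token": authorize_state_change(cookies, third_party, {"amount": "100"}),
        "forged_with_guessed_token": authorize_state_change(
            cookies, own_page, {"csrf_token": "guess", "amount": "100"}),
    }
```

The two forged requests fail even though the browser supplied the valid session cookie, which is exactly the property the cookie-only model in the paragraph above lacks.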
Another common type of computer security vulnerability is cross-site scripting (XSS). XSS is a class of attack that involves web application vulnerabilities that allow unauthorized third parties to bypass normal client-side security mechanisms, such as the same-origin policy, to enable injection of client-side scripts into web pages that can be viewed by others. The same-origin policy is a policy that permits scripts running on pages originating from the same site to access each other's methods and properties without specific restrictions, while preventing access to most methods and properties across pages on different sites.